Eddy Bobritsky, CEO at Minerva Labs: using home PC for work? It’s likely already been hacked
The pandemic forced companies to move their operations online, opening doors to malicious actors waiting for the perfect moment to strike. With the cost per data breach increasing exponentially, it’s worrying that organizations allow employees to use home devices for work, especially considering that these devices have likely already been hacked.
Following an attack, hackers might demand ransom or simply spy on the organization for a prolonged period of time. Minerva Labs, a pre-execution endpoint threat prevention platform, offers security solutions to help businesses protect themselves from all types of threats, promising that they’ll never have to worry about paying a ransom.
Eddy Bobritsky, Co-founder and CEO at Minerva Labs, shared what the modern cyber security landscape looks like and what solutions the platform provides to combat advancing online threats.
Could you tell us about how the idea of Minerva Labs came to life?
It was a cartoon commercial about two pieces of malware that penetrated an organization. The two pieces of malware told each other how they did it – this was the Eureka moment where I realized that I'm up to something here. This led to deep research of three months and a patent application in 2013.
On your website, you often mention the threat of fileless malware. What is it, and what dangers does it pose?
I actually don’t really like the term “fileless” because there is a file. It is a legit file that lands on the endpoint and spins up a legit process, then it replaces the legit running code in memory with a malicious one directly from the internet without “stopping by” the file system. Once the code is there, we have a malicious fileless attack running, using this technique to bypass existing security controls. Minerva, on the other hand, stops such attacks preemptively. For example, Minerva does not allow injection into the memory of a code that did not originate from the file system.
Did the pandemic alter the way you approach security? Were there any new features that had to be added to Minerva Labs?
Yes, we did. We launched our Just-In-Time endpoint security for ZeroTrust environments. In the Zero Trust architecture, and during COVID-19, there is a massive usage of unmanaged devices, BYOD or BYOPC. In other words, employees are allowed to use their home PCs to remotely access the organization. Unfortunately, while the organization is protected, the cloud is protected, the tunnel is secured, and the end-user is authenticated, the home PC is NOT.
Due to privacy laws and regulations, it is simply not allowed to deploy corporate endpoint security on non-corporate endpoints (home PCs). So this home PC is vulnerable, much easier to hack, and most likely already hacked. Although the sessions are secured and encrypted, if there is a RAT or other malicious software that is recording the screen or the keystrokes (keylogger), there is no way to prevent it.
According to IBM’s report "The Cost of a Data Breach," the average price per breach increased by $1.1M because of this specific reason. We at Minerva created a just-in-time dissolvable agent that is install-free and doesn’t require any reboots or elevations. The solution kicks in only once the remote connection to the organization is established and deactivates once the session is over. This way, it is fully compliant with privacy laws and regulations. This solution protects the endpoint from ransomware attacks, fileless attacks, and other modern threats. It also includes browser isolation, virtual patching, visibility into BYOD during the session, and, of course, prevention of screenshots and keyloggers.
Walk us through the process of malware detection. What happens if it does slip through all the security measures? Can the networks or devices be restored back to normal after an attack?
Minerva has a multi-layered pre-execution threat prevention platform that prevents malware at different stages. But in case there is an inside threat, or for an unexplainable reason, the customer got hit by a ransomware attack, Minerva can restore the encrypted data with a click of a button thanks to our patented backup and restore capability that is blended into our agent as the last line of defense.
You recently got a hold of a sample from new ransomware called BlackMatter. How is it different from what we have seen before?
This ransomware introduces a new and more sophisticated level of evasion techniques that were built to evade security controls to avoid detection. Remember that ransomware success depends on the outreach/foothold it managed to achieve. Therefore, this ransomware uses evasion techniques. This is the reason why Minerva prevents it prior to encryption (before damage) with our Anti-Evasion layer.
In your opinion, which industries are going to be hit by ransomware the most in the near future?
Industries that will face a massive problem following a network shutdown. For example, in healthcare or manufacturing floors, the ransom itself is small money. The downtime is the problem. Each day of downtime costs a lot. Simply divide the annual revenue by the number of days a year. Also, those organizations with cyber insurance are more targeted than others, which makes sense because it is much easier to decide to pay ransom once you have insurance.
Are there any differences in how cybercriminals attack small businesses versus big organizations? Are small businesses less likely to be targeted?
This is one of the truly big problems of this industry. Small organizations need to deal with the same attacks/ransomware as large enterprises. The problem is that more than 70% of organizations don’t have the budget, the human resources, and the knowledge (skillset) to deal with cyber threats as they would like to. This is one of the key reasons why we see huge success for Minerva in the SMB market. Minerva enables organizations of any size to deal with cyber threats regardless of their skillset and toolset.
And finally, what does the future hold for Minerva Labs?
Minerva will continue to pioneer the market with more innovative solutions that share the same focus to preemptively stop attacks - preventing damage regardless of the organization’s team size, skillset, and toolset.